CVE-2024-41174 - Vulnerability Details - OpenCVE

The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Beckhoff	Ipc Diagnostics Ipc Diagnostics Package Twincat\/bsd

Configuration 1 [-]

OR	cpe:2.3:a:beckhoff:ipc_diagnostics_package::::::::
	cpe:2.3:o:beckhoff:twincat\/bsd::::::::

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2024-048

History

Thu, 12 Sep 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beckhoff ipc Diagnostics Package
CPEs		cpe:2.3:a:beckhoff:ipc_diagnostics_package::::::::
Vendors & Products		Beckhoff ipc Diagnostics Package

Tue, 27 Aug 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beckhoff Beckhoff ipc Diagnostics Beckhoff twincat\/bsd
CPEs		cpe:2.3:a:beckhoff:ipc_diagnostics:::::::: cpe:2.3:o:beckhoff:twincat\/bsd::::::::
Vendors & Products		Beckhoff Beckhoff ipc Diagnostics Beckhoff twincat\/bsd
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 27 Aug 2024 08:15:00 +0000

Type	Values Removed	Values Added
Description		The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.
Title		Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD
Weaknesses		CWE-79
References		https://cert.vde.com/en/advisories/VDE-2024-048
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-08-27T08:01:09.810Z

Updated: 2024-08-27T17:48:58.704Z

Reserved: 2024-07-17T13:42:44.525Z

Link: CVE-2024-41174

Vulnrichment

Updated: 2024-08-27T17:48:53.734Z

NVD

Status : Analyzed

Published: 2024-08-27T08:15:04.860

Modified: 2025-01-28T17:27:44.077

Link: CVE-2024-41174

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41174", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-07-17T13:42:44.525Z", "datePublished": "2024-08-27T08:01:09.810Z", "dateUpdated": "2024-08-27T17:48:58.704Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IPC Diagnostics package", "vendor": "Beckhoff", "versions": [{"lessThan": "2.0.0.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TwinCAT/BSD", "vendor": "Beckhoff", "versions": [{"lessThan": "14.1.2.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.</span><br>"}], "value": "The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-08-27T08:01:09.810Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-048"}], "source": {"advisory": "VDE-2024-048", "defect": ["CERT@VDE#641672"], "discovery": "UNKNOWN"}, "title": "Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "beckhoff", "product": "ipc_diagnostics", "cpes": ["cpe:2.3:a:beckhoff:ipc_diagnostics:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.0.0.1", "versionType": "semver"}]}, {"vendor": "beckhoff", "product": "twincat\\/bsd", "cpes": ["cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "14.1.2.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T17:47:12.981274Z", "id": "CVE-2024-41174", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T17:48:58.704Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41174", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-27T17:47:12.981274Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:beckhoff:ipc_diagnostics:*:*:*:*:*:*:*:*"], "vendor": "beckhoff", "product": "ipc_diagnostics", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0.1", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*"], "vendor": "beckhoff", "product": "twincat\\/bsd", "versions": [{"status": "affected", "version": "0", "lessThan": "14.1.2.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T17:48:53.734Z"}}], "cna": {"title": "Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD", "source": {"defect": ["CERT@VDE#641672"], "advisory": "VDE-2024-048", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Beckhoff", "product": "IPC Diagnostics package", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Beckhoff", "product": "TwinCAT/BSD", "versions": [{"status": "affected", "version": "0", "lessThan": "14.1.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-048"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-08-27T08:01:09.810Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41174", "state": "PUBLISHED", "dateUpdated": "2024-08-27T17:48:58.704Z", "dateReserved": "2024-07-17T13:42:44.525Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2024-08-27T08:01:09.810Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:ipc_diagnostics_package:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CE6AD04-5B96-480C-A9A4-1A3DE962306D", "versionEndExcluding": "2.1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:beckhoff:twincat\\/bsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "A311642D-9723-4D61-8979-20A1F28EB17E", "versionEndExcluding": "14.1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker."}, {"lang": "es", "value": "El paquete IPC-Diagnostics en TwinCAT/BSD es susceptible a una neutralizaci\u00f3n de entrada inadecuada por parte de un atacante local con pocos privilegios."}], "id": "CVE-2024-41174", "lastModified": "2025-01-28T17:27:44.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-27T08:15:04.860", "references": [{"source": "info@cert.vde.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2024-048"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}